cilium / .clomonitor.yml
# CLOMonitor metadata file

exemptions:
  - check: slack_presence
    reason: "The Cilium slack community can be found at http://slack.cilium.io/" # Justification of this exemption

  - check: dangerous_workflow
    reason: >
      "It is safe to run code checkout '${{ github.event.pull_request.head.sha }}'
      and 'github.event.pull_request.head.ref' in .github/workflows/build-images-base.yaml
      as this workflow is only permitted to be executed after an explicit approval of a
      subset of committers."

  - check: signed_releases
    reason: >
      "All Cilium release images are cryptographically signed during build by cosign.
      Images are hosted in Quay. OpenSSF Scorecard check is currently limited to repositories
      hosted on GitHub, and does not support other source hosting repositories."

  - check: token_permissions
    reason: >
      "Reason to use every non-read-only token in GitHub workflows is commented in the respective workflow files."